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DETAILED ACTION 

1 . Claims 1-30 remain for examination. The correspondence filed 2/8/08 amended 
claims 1, 10-12, 20, 21, and 28-30. 

Response to Arguments 

2. Applicant's arguments filed 2/8/08 have been fully considered but they are not 
persuasive. Applicant's arguments against the Guo reference allegedly failing to teach 
the encryption and decryption of authentication information fails to take into account the 
very commonly understood knowledge amongst those of ordinary skill in the art that the 
transmission of one's password in the clear over a network is a serious problem that is 
to be studiously avoided, as it is trivial for hackers to intercept said passwords and 
compromise a user's account. See the enclosed "Eliminating Plaintext Passwords on 
Your Network" reference from the San Diego Supercomputer Center for more 
information. Furthermore, Guo is known to employ SSL encryption for at least some of 
the communications (e.g. paragraph 0039); since SSL is regarded as one viable 
solution to the problem of preventing passwords from being visible over the wire (see 
the chart on page 3 of the "Plaintext Password" reference), thus it would at least be 
immediately obvious, if not inherent to the Guo invention, for the explicitly disclosed 
login information to be encrypted and subsequently decrypted as it travels through the 
network, just as recited in the claims. 
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Claim Rejections - 35 USC §112 

3. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

4. Claims 1-30 are rejected under 35 U.S.C. 112, first paragraph, because the 
specification, while being enabling for no direct connection between the authentication 
server and the client machine, does not reasonably provide enablement for no link [of 
any kind]. The specification does not enable any person skilled in the art to which it 
pertains, or with which it is most nearly connected, to make or use the invention 
commensurate in scope with these claims. The specification recites that, as a 
necessary first step in the authentication process for a user to access a client machine, 
the client machine sends an encrypted message to the authentication server via the 
technician [user]'s machine (specification: page 5, paragraph 0017); without this 
message, the authentication server will not release the valid login information that the 
user can subsequently use to access the client machine. Accordingly, the technician 
[user]'s machine is the "link" by which the authentication server and the client machine 
must communicate in order to practice the instant invention, using the broadest 
reasonable interpretation of the term "link". 

Claim Rejections - 35 USC § 103 

5. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 
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6. Claims 1-30 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Guo (U.S. Patent Application Publication 2003/0217288) in view of Soto etal. (U.S. 
Patent Application Publication 2003/0208695). 

Regarding claims 1, 10-12, 20, and 21: 

Guo discloses a method/system/program for authenticating a user's access to a 
client machine, comprising: communicating a request for access from the user machine 
to the client machine (paragraph 0045; element 32 of Figure 3); establishing a login 
account with login information in response to the request (paragraph 0032); encrypting 
the login information at the client machine and communicating the encrypted login 
information to the user machine (paragraph 0047); communicating the encrypted login 
information and authentication information associated with the user from the user 
machine to an authentication server (Ibid, and element 50 of Figure 3); and decrypting 
the encrypted login information at the authentication server and communicating the 
decrypted login information to the user machine if the authentication information is 
acceptable to the authentication server (paragraphs 0039-0040, and 0049- 0050). For 
the sake of clarity, it is noted that the "client machine" of Guo corresponds to the user 
machine of the claim, and the affiliate server(s) of Guo correspond to the "client 
machine" of the claim. 

Guo does not explicitly disclose wherein it is the client machine that establishes 
the user account and communicates the information to the user machine. However, 
Soto discloses this limitation (paragraphs 0046-0055, but particularly 0053-0055). It 
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would have been obvious to one of ordinary skill in the art at the time the invention was 
made to modify Guo to allow for a client machine to create temporary accounts for a 
user (such as used by a technician or engineer) and securely communicate such 
information to the user machine, as disclosed by Soto. The motivation for doing so 
would be to expedite the process of allowing users to login to a machine for service and 
maintenance without waiting for days for a new account and without compromising 
security (Soto, paragraph 0004). 

It is noted that the login information (including but not limited to usernames and 
passwords) is known and would be encrypted at its source(s) and subsequently 
decrypted at its destination(s), as those of ordinary skill in the art would have long since 
known that sending said login information over a network in an unencrypted fashion was 
a serious security risk which could otherwise defeat the security afforded by the prior art 
inventions (see the enclosed "Eliminating Plaintext Passwords on Your Network" 
reference). Also note that Guo discloses using SSL - a known solution to the 
aforementioned problem clearly within the technical grasp of one of ordinary skill in the 
art - in that invention (paragraph 0039). Accordingly, if using SSL to encrypt and 
decrypt the login information would lead to the anticipated success, it is likely the 
product not of innovation but of ordinary skill and common sense. KSR v. Teleflex, 550 

U.S. at , 82 USPQ2d at 1397. 

Regarding claims 2, 13, and 22: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses communicating an identifier associated with the user from the user 
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machine to the client machine (paragraph 0038); encrypting the identifier at the client 
machine and communicating the encrypted identifier to the user machine (paragraph 
0047); communicating the encrypted identifier from the user machine to the 
authentication server (Ibid, and element 50 of Figure 3); decrypting the encrypted 
identifier at the authentication server (paragraphs 0039-0040); wherein the decrypted 
login information is communicated to the user machine if the decrypted identifier is 
acceptable to the authentication server (Ibid, and paragraphs 0049-0050). 

Regarding claims 3, 14, and 23: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses encrypting the identifier at the client machine and communicating the 
encrypted identifier to the user machine (paragraph 0047); communicating the 
encrypted identifier from the user machine to the authentication server (Ibid, and 
element 50 of Figure 3); decrypting the encrypted identifier at the authentication server 
(paragraphs 0039-0040); wherein the decrypted login information is communicated to 
the user machine if the decrypted identifier is acceptable to the authentication server 
(paragraphs 0049-0050). 

Regarding claims 4, 15, 24, and 28-30: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses communicating the login information from the user machine to the 
client machine to enable the user to access the client machine (paragraph 0049; 
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element 60 of Figure 3). As claims 28-30 consist of all the limitations of claim 4, they 
are rejected by the same rationale. 
Regarding claims 5, 16, and 25: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses wherein the login information comprises at least one of a name and a 
password (paragraph 0032). 
Regarding claims 6, 17, and 26: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses wherein the login information is encrypted at the client machine using a 
public key of a public key-private key pair (paragraph 0040); and the encrypted login 
information is decrypted at the authentication server using the private key of the public 
key-private key pair (Ibid). 

Regarding claims 7, 18, and 27: 

Guo and Soto disclose all the limitations of claims 1,12, and 21 above. Guo 
further discloses wherein the authentication identifier comprises an identifier associated 
with the user (paragraph 0032). 

Regarding claims 8 and 19: 

Guo and Soto disclose all the limitations of claims 1 and 12 above. Guo further 
discloses wherein the encrypted login information is inaccessible to the user machine 
(paragraph 0051). 
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Regarding claim 9: 

Guo and Soto disclose all the limitations of claim 1 above. Guo further discloses 
wherein the request for access is communicated from the user machine to the client 
machine, and the encrypted login information is communicated from the client machine 
to the user machine via a Secure Sockets Layer connection (paragraphs 0039 & 0055). 

Conclusion 

7. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Thomas Gyorfi whose telephone number is (571)272- 
3849. The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571 ) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

TAG 

6/5/08 

/KIMYEN VU/ 

Supervisory Patent Examiner, Art Unit 2135 



